Conventional point-to-point schemes such as IPsec (IP Security), TLS (Transport Layer Security), and SRTP (Secure Real-time Transport Protocol) are widely employed to protect Internet traffic. However, point-to-point schemes are ill suited to a large-scale CPS in which centralized computation servers continuously collect fixed-size data from a massive number of embedded devices attached to the CPS infrastructure, perform real-time data analysis, and, if necessary, send control commands back to the embedded devices.
First, because these protocols are stateful, a centralized computation server has to maintain security state for each embedded device associated with it, i.e., each server needs O(NL) memory, where N is the number of devices associated with the server and L is the size of the security state kept per device. This raises server-side scalability issues for association management, performance, and recovery from failures. Second, the servers depend on certificates and public-key operations for node authentication and key distribution. However, public-key operations consume roughly a hundred times the computing resources of symmetric-key operations, and certificate chains are typically larger than 2 KB. It is therefore difficult to implement these protocols on end devices with constrained computing power or bandwidth.
By contrast, conventional group security schemes, which address the limitations of point-to-point schemes, have limitations of their own. First, any legitimate publisher in a group can read the messages of every other publisher in the group (privacy violation), i.e., conventional group security schemes cannot be used for privacy-preserving infrastructures such as smart metering. Second, a compromised subscriber in a group can send messages to the other subscribers, since it holds the same group key as a legitimate publisher and can therefore impersonate one (message authentication problem). This is a well-known open problem in group communications. Third, accidental or incidental exposure of a group encryption key to attackers may bring down the whole system (key exposure resilience problem). Lastly, group encryption keys must be refreshed to ensure forward and backward secrecy whenever a member joins or leaves the group (key refreshment problem). For a group with N members, refreshing a key takes O(N) message exchanges in a brute-force approach and O(log N) in tree-based approaches such as LKH (Logical Key Hierarchy). However, both O(N) message exchanges and key-tree management are costly for a CPS communication network that consists of a large number of embedded devices and is likely to be built over multiple access technologies including PLC (Power Line Communication) and IEEE 802.15.4. Accordingly, there is a need for an improved group security communication scheme.
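The leave-rekey cost that the preceding paragraph attributes to LKH, worked through as an added example that is not part of the original text: a binary key tree over N = 2^depth members, a leave that replaces every key the departing member held, and a count of the resulting rekey messages against the N-1 messages a pairwise (brute-force) scheme needs. The key wrap is a constructed toy (SHA-256 keystream plus HMAC tag) standing in for a real AEAD, and the class and function names are assumptions of this example, not any particular LKH implementation.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

KEY_LEN = 16  # bytes per node key


def wrap(kek: bytes, key: bytes) -> bytes:
    """Toy key wrap, constructed for this example (not a production scheme):
    keystream = SHA-256(kek || nonce), ct = key XOR keystream,
    tag = HMAC-SHA256(kek, nonce || ct). A deployment would use an AEAD."""
    nonce = os.urandom(16)
    stream = hashlib.sha256(kek + nonce).digest()[:len(key)]
    ct = bytes(a ^ b for a, b in zip(key, stream))
    tag = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek: bytes, blob: bytes) -> Optional[bytes]:
    """Inverse of wrap(); returns None if the tag does not verify under kek."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        return None
    stream = hashlib.sha256(kek + nonce).digest()[:len(ct)]
    return bytes(a ^ b for a, b in zip(ct, stream))


RekeyMsg = Tuple[int, int, bytes]  # (node being rekeyed, node whose key wraps it, blob)


class LKHTree:
    """Full binary LKH key tree over N = 2**depth members, stored heap-style:
    node i has children 2i+1 and 2i+2, the root (node 0) holds the group key,
    and member m sits at leaf n-1+m. Each member holds the keys on its root path."""

    def __init__(self, depth: int):
        self.depth = depth
        self.n = 2 ** depth
        self.keys = [os.urandom(KEY_LEN) for _ in range(2 * self.n - 1)]
        self.members = set(range(self.n))

    def leaf(self, member: int) -> int:
        return self.n - 1 + member

    def path(self, member: int) -> List[int]:
        """Nodes from the member's leaf up to and including the root."""
        node = self.leaf(member)
        nodes = [node]
        while node != 0:
            node = (node - 1) // 2
            nodes.append(node)
        return nodes

    def member_keys(self, member: int) -> Dict[int, bytes]:
        """The depth+1 keys a member holds (versus N-1 keys in a pairwise scheme)."""
        return {node: self.keys[node] for node in self.path(member)}

    def leave(self, member: int) -> List[RekeyMsg]:
        """Rekey after `member` leaves: every key it knew (except its own leaf key)
        is replaced bottom-up. Each new key is sent wrapped under the key of the
        child not on the leaving path, and under the *new* key of the child that is."""
        self.members.discard(member)
        path = self.path(member)
        msgs: List[RekeyMsg] = []
        for i in range(1, len(path)):
            node, child_on_path = path[i], path[i - 1]
            new_key = os.urandom(KEY_LEN)
            for child in (2 * node + 1, 2 * node + 2):
                if child == child_on_path and i == 1:
                    continue  # that child is the leaver's own leaf: nothing to send it
                msgs.append((node, child, wrap(self.keys[child], new_key)))
            self.keys[node] = new_key  # set after wrapping so the next level wraps under it
        return msgs


def apply_rekey(held: Dict[int, bytes], msgs: List[RekeyMsg]) -> Dict[int, bytes]:
    """Member-side processing: unwrap every message whose wrapping key the member holds.
    Messages arrive bottom-up, so a key learned at one level opens the next."""
    held = dict(held)
    for node, under, blob in msgs:
        if under in held:
            key = unwrap(held[under], blob)
            if key is not None:  # a stale key (e.g. the leaver's) fails the tag check
                held[node] = key
    return held


def demo(depth: int = 10, leaver: int = 5) -> Dict[str, object]:
    """Leave one member, replay the rekey to everyone, and report the costs."""
    tree = LKHTree(depth)
    before = {m: tree.member_keys(m) for m in tree.members}
    msgs = tree.leave(leaver)
    group_key = tree.keys[0]
    stayers_ok = all(apply_rekey(before[m], msgs)[0] == group_key for m in tree.members)
    leaver_out = apply_rekey(before[leaver], msgs)[0] != group_key
    return {
        "members": tree.n,
        "lkh_messages": len(msgs),        # 2*depth - 1, i.e. O(log N)
        "pairwise_messages": tree.n - 1,  # brute force: one per remaining member
        "stayers_ok": stayers_ok,
        "leaver_locked_out": leaver_out,
    }


if __name__ == "__main__":
    print(demo())
```

For 1024 members the leave costs 19 wrapped-key messages instead of 1023, which is the O(log N) versus O(N) gap the text cites; the price is that every device must hold depth+1 keys, process the rekey messages in order, and stay synchronized with the server's tree, which is the key-tree management burden the text calls costly on PLC and IEEE 802.15.4 links.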